List of usage examples for javax.net.ssl TrustManagerFactory getTrustManagers
public final TrustManager[] getTrustManagers()
From source file:com.machinepublishers.jbrowserdriver.StreamConnectionClient.java
private static SSLContext sslContext() { final String property = SettingsManager.settings().ssl(); if (property != null && !property.isEmpty() && !"null".equals(property)) { if ("trustanything".equals(property)) { try { return SSLContexts.custom().loadTrustMaterial(KeyStore.getInstance(KeyStore.getDefaultType()), new TrustStrategy() { public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; }/*w ww . j a v a 2 s .co m*/ }).build(); } catch (Throwable t) { LogsServer.instance().exception(t); } } else { try { String location = property; location = location.equals("compatible") ? "https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt" : location; File cachedPemFile = new File("./pemfile_cached"); boolean remote = location.startsWith("https://") || location.startsWith("http://"); if (remote && cachedPemFile.exists() && (System.currentTimeMillis() - cachedPemFile.lastModified() < 48 * 60 * 60 * 1000)) { location = cachedPemFile.getAbsolutePath(); remote = false; } String pemBlocks = null; if (remote) { HttpURLConnection remotePemFile = (HttpURLConnection) StreamHandler .defaultConnection(new URL(location)); remotePemFile.setRequestMethod("GET"); remotePemFile.connect(); pemBlocks = Util.toString(remotePemFile.getInputStream(), Util.charset(remotePemFile)); cachedPemFile.delete(); Files.write(Paths.get(cachedPemFile.getAbsolutePath()), pemBlocks.getBytes("utf-8")); } else { pemBlocks = new String(Files.readAllBytes(Paths.get(new File(location).getAbsolutePath())), "utf-8"); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Matcher matcher = pemBlock.matcher(pemBlocks); boolean found = false; while (matcher.find()) { String pemBlock = matcher.group(1).replaceAll("[\\n\\r]+", ""); ByteArrayInputStream byteStream = new ByteArrayInputStream( Base64.getDecoder().decode(pemBlock)); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) cf .generateCertificate(byteStream); String alias = cert.getSubjectX500Principal().getName("RFC2253"); if (alias != null && !keyStore.containsAlias(alias)) { found = true; keyStore.setCertificateEntry(alias, cert); } } if (found) { KeyManagerFactory keyManager = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManager.init(keyStore, null); TrustManagerFactory trustManager = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManager.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null); return context; } } catch (Throwable t) { LogsServer.instance().exception(t); } } } return SSLContexts.createSystemDefault(); }
From source file:org.forgerock.openig.http.HttpClient.java
/** * Returns a new SSL socket factory that does not perform hostname verification. * * @param keyManagerFactory/*from www . ja v a 2 s . c o m*/ * Provides Keys/Certificates in case of SSL/TLS connections * @param trustManagerFactory * Provides TrustManagers in case of SSL/TLS connections * @throws GeneralSecurityException * if the SSL algorithm is unsupported or if an error occurs during SSL configuration */ private static SSLSocketFactory newSSLSocketFactory(final KeyManagerFactory keyManagerFactory, final TrustManagerFactory trustManagerFactory) throws GeneralSecurityException { SSLContext context = SSLContext.getInstance("TLS"); context.init((keyManagerFactory == null) ? null : keyManagerFactory.getKeyManagers(), (trustManagerFactory == null) ? null : trustManagerFactory.getTrustManagers(), null); SSLSocketFactory factory = new SSLSocketFactory(context); factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); return factory; }
From source file:com.baasbox.android.HttpUrlConnectionClient.java
private static SSLSocketFactory createSocketFactory(Context context, int certStoreId, String certPassword) { TrustManagerFactory tmf; InputStream in = null;/*from w w w . j a v a 2 s. c o m*/ try { in = context.getResources().openRawResource(certStoreId); KeyStore keyStore = KeyStore.getInstance("BKS"); keyStore.load(in, certPassword.toCharArray()); tmf = TrustManagerFactory.getInstance("X509"); tmf.init(keyStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null); return sslContext.getSocketFactory(); } catch (Exception e) { throw new BaasRuntimeException(e); } finally { if (in != null) { try { in.close(); } catch (IOException e) { // swallow } } } }
From source file:com.micromux.cassandra.jdbc.CassandraConnection.java
private static SSLContext getSSLContext(String trustPath, String trustPass) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException { FileInputStream tsf = null;/*from w ww. ja v a2 s. co m*/ SSLContext ctx = null; try { tsf = new FileInputStream(trustPath); ctx = SSLContext.getInstance("SSL"); KeyStore ts = KeyStore.getInstance("JKS"); ts.load(tsf, trustPass.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); ctx.init(null, tmf.getTrustManagers(), new SecureRandom()); } catch (Exception e) { e.printStackTrace(); } finally { if (tsf != null) { try { tsf.close(); } catch (IOException ix) { logger.warn("Error Closing Trust Store: " + trustPath, ix); } } } return ctx; }
From source file:com.aware.ui.Plugins_Manager.java
/** * Downloads and compresses image for optimized icon caching * @param image_url/*from w ww. java 2 s . c om*/ * @return */ public static byte[] cacheImage(String image_url, Context sContext) { try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = sContext.getResources().openRawResource(R.raw.aware); Certificate ca; try { ca = cf.generateCertificate(caInput); } finally { caInput.close(); } KeyStore sKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream inStream = sContext.getResources().openRawResource(R.raw.awareframework); sKeyStore.load(inStream, "awareframework".toCharArray()); inStream.close(); sKeyStore.setCertificateEntry("ca", ca); String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(sKeyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); //Fetch image now that we recognise SSL URL image_path = new URL(image_url.replace("http://", "https://")); //make sure we are fetching the images over https HttpsURLConnection image_connection = (HttpsURLConnection) image_path.openConnection(); image_connection.setSSLSocketFactory(context.getSocketFactory()); InputStream in_stream = image_connection.getInputStream(); Bitmap tmpBitmap = BitmapFactory.decodeStream(in_stream); ByteArrayOutputStream output = new ByteArrayOutputStream(); tmpBitmap.compress(Bitmap.CompressFormat.PNG, 100, output); return output.toByteArray(); } catch (MalformedURLException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } return null; }
From source file:it.paolorendano.clm.AbstractCassandraDAO.java
/** * Gets the SSL context.//from w ww . ja v a2 s.c om * * @param truststorePath the truststore path * @param truststorePassword the truststore password * @param keystorePath the keystore path * @param keystorePassword the keystore password * @return the SSL context * @throws NoSuchAlgorithmException the no such algorithm exception * @throws KeyStoreException the key store exception * @throws CertificateException the certificate exception * @throws IOException Signals that an I/O exception has occurred. * @throws UnrecoverableKeyException the unrecoverable key exception * @throws KeyManagementException the key management exception */ private static SSLContext getSSLContext(String truststorePath, String truststorePassword, String keystorePath, String keystorePassword) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException { /* taken from http://www.datastax.com/dev/blog/accessing-secure-dse-clusters-with-cql-native-protocol */ FileInputStream tsf = new FileInputStream(truststorePath); FileInputStream ksf = new FileInputStream(keystorePath); SSLContext ctx = SSLContext.getInstance("SSL"); KeyStore ts = KeyStore.getInstance("JKS"); ts.load(tsf, truststorePassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(ksf, keystorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, keystorePassword.toCharArray()); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return ctx; }
From source file:com.vmware.identity.openidconnect.client.OIDCClientUtils.java
static HttpResponse sendSecureRequest(HttpRequest httpRequest, KeyStore keyStore) throws OIDCClientException, SSLConnectionException { Validate.notNull(httpRequest, "httpRequest"); Validate.notNull(keyStore, "keyStore"); TrustManagerFactory trustManagerFactory; SSLContext sslContext;/*from w w w . j a v a2 s .c o m*/ try { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustManagerFactory.getTrustManagers(), null); } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { throw new SSLConnectionException("Failed to build SSL Context: " + e.getMessage(), e); } return sendSecureRequest(httpRequest, sslContext); }
From source file:org.araqne.pkg.HttpWagon.java
public static InputStream openDownloadStream(URL url, TrustManagerFactory tmf, KeyManagerFactory kmf) throws KeyManagementException, IOException { SSLContext ctx = null;//w w w. j a va2 s .c o m try { ctx = SSLContext.getInstance("SSL"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } TrustManager[] trustManagers = null; KeyManager[] keyManagers = null; if (tmf != null) trustManagers = tmf.getTrustManagers(); if (kmf != null) keyManagers = kmf.getKeyManagers(); ctx.init(keyManagers, trustManagers, new SecureRandom()); HttpsSocketFactory h = new HttpsSocketFactory(kmf, tmf); Protocol https = new Protocol("https", (ProtocolSocketFactory) h, 443); Protocol.registerProtocol("https", https); HttpClient client = new HttpClient(); HttpMethod method = new GetMethod(url.toString()); client.executeMethod(method); return method.getResponseBodyAsStream(); }
From source file:org.apache.hadoop.hdfsproxy.ProxyUtil.java
private static void setupSslProps(Configuration conf) throws IOException { FileInputStream fis = null;/*from ww w . ja v a 2s. c om*/ try { SSLContext sc = SSLContext.getInstance("SSL"); KeyManager[] kms = null; TrustManager[] tms = null; if (conf.get("ssl.client.keystore.location") != null) { // initialize default key manager with keystore file and pass KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); KeyStore ks = KeyStore.getInstance(conf.get("ssl.client.keystore.type", "JKS")); char[] ksPass = conf.get("ssl.client.keystore.password", "changeit").toCharArray(); fis = new FileInputStream(conf.get("ssl.client.keystore.location", "keystore.jks")); ks.load(fis, ksPass); kmf.init(ks, conf.get("ssl.client.keystore.keypassword", "changeit").toCharArray()); kms = kmf.getKeyManagers(); fis.close(); fis = null; } // initialize default trust manager with keystore file and pass if (conf.getBoolean("ssl.client.do.not.authenticate.server", false)) { // by pass trustmanager validation tms = new DummyTrustManager[] { new DummyTrustManager() }; } else { TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); KeyStore ts = KeyStore.getInstance(conf.get("ssl.client.truststore.type", "JKS")); char[] tsPass = conf.get("ssl.client.truststore.password", "changeit").toCharArray(); fis = new FileInputStream(conf.get("ssl.client.truststore.location", "truststore.jks")); ts.load(fis, tsPass); tmf.init(ts); tms = tmf.getTrustManagers(); } sc.init(kms, tms, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { throw new IOException("Could not initialize SSLContext", e); } finally { if (fis != null) { fis.close(); } } }
From source file:net.jmhertlein.mcanalytics.api.auth.SSLUtil.java
/** * Builds an SSLConect that trusts the trust material in the KeyStore * * @param trustMaterial//from w w w . ja va 2s . c o m * @return */ public static SSLContext buildContext(KeyStore trustMaterial) { SSLContext ctx; try { TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustMaterial); KeyManagerFactory keyMgr = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyMgr.init(trustMaterial, new char[0]); ctx = SSLContext.getInstance("TLS"); ctx.init(keyMgr.getKeyManagers(), tmf.getTrustManagers(), null); } catch (KeyStoreException | UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException ex) { Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, null, ex); ctx = null; } return ctx; }